232 matches found
CVE-2021-42568
Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers to access the SSL Certificates Loading function via a low-privileged account...
Sonatype Nexus Repository Manager 信息泄露漏洞
Sonatype Nexus Repository Manager NXRM is a repository manager from Sonatype, Inc. that is used to manage, store, and distribute software, among other things. An information disclosure vulnerability exists in Sonatype Nexus Repository Manager, which can be exploited by an attacker to bypass acces...
CVE-2021-37152
Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 before 3.33.0. An authenticated attacker with the ability to add HTML files to a repository could redirect users to Nexus Repository Manager’s pages with code modifications...
CVE-2021-37152
Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 before 3.33.0. An authenticated attacker with the ability to add HTML files to a repository could redirect users to Nexus Repository Manager’s pages with code modifications...
CVE-2021-37152
CVE-2021-37152 affects Sonatype Nexus Repository Manager 3.x prior to 3.33.0. An authenticated attacker who can add HTML files to a repository could cause cross-site scripting by redirecting users to Nexus pages with modified code. Root cause: improper handling/delivery of HTML content uploaded t...
CVE-2021-37152
Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 before 3.33.0. An authenticated attacker with the ability to add HTML files to a repository could redirect users to Nexus Repository Manager’s pages with code modifications...
CVE-2021-34553
Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and read the content of a blob file via a GET request without having been granted access...
Design/Logic Flaw
Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and read the content of a blob file via a GET request without having been granted access...
CVE-2021-34553
Sonatype Nexus Repository Manager 3.x before 3.31.0 is vulnerable: remote authenticated attackers can enumerate blob files and read blob contents via GET without proper access. Affected software is Nexus Repository Manager 3.x prior to 3.31.0; remediation is to upgrade to 3.31.0 or later (per Red...
CVE-2021-34553
Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and read the content of a blob file via a GET request without having been granted access...
Sonatype Nexus Repository Manager 路径遍历漏洞
Sonatype Nexus Repository Manager NXRM is a repository manager from Sonatype, Inc. that is used for managing, storing, and distributing software, among other things. A path traversal vulnerability in Sonatype Nexus Repository Manager version 3.x prior to 3.31.0 allows remote authenticated attacke...
CVE-2021-29159
A cross-site scripting XSS vulnerability has been discovered in Nexus Repository Manager 3.x before 3.30.1. An attacker with a local account can create entities with crafted properties that, when viewed by an administrator, can execute arbitrary JavaScript in the context of the NXRM application...
CVE-2021-29159
A cross-site scripting XSS vulnerability has been discovered in Nexus Repository Manager 3.x before 3.30.1. An attacker with a local account can create entities with crafted properties that, when viewed by an administrator, can execute arbitrary JavaScript in the context of the NXRM application...
Cross site scripting
A cross-site scripting XSS vulnerability has been discovered in Nexus Repository Manager 3.x before 3.30.1. An attacker with a local account can create entities with crafted properties that, when viewed by an administrator, can execute arbitrary JavaScript in the context of the NXRM application...
CVE-2021-29159
The vulnerability CVE-2021-29159 affects Nexus Repository Manager 3.x prior to 3.30.1. An attacker with a local account can create entities with crafted properties that, when viewed by an administrator, execute arbitrary JavaScript in the NXRM application context. This is a cross-site scripting (...
CVE-2021-29159
A cross-site scripting XSS vulnerability has been discovered in Nexus Repository Manager 3.x before 3.30.1. An attacker with a local account can create entities with crafted properties that, when viewed by an administrator, can execute arbitrary JavaScript in the context of the NXRM application...
CVE-2021-30635
Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote attacker to get a list of files and directories that exist in a UI-related folder via directory traversal no customer-specific data is exposed...
CVE-2021-30635
Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote attacker to get a list of files and directories that exist in a UI-related folder via directory traversal no customer-specific data is exposed...
CVE-2021-30635
CVE-2021-30635 affects Sonatype Nexus Repository Manager 3.x prior to 3.30.1. The vulnerability is a directory traversal issue that allows a remote attacker to enumerate files and directories in a UI-related folder; no customer-specific data is exposed. Impact is limited to information disclosure...
CVE-2021-30635
Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote attacker to get a list of files and directories that exist in a UI-related folder via directory traversal no customer-specific data is exposed...